Managing New Risks
from
January/February 2002
by Lee Errickson
September 11 and all that’s happened since demonstrate one thing: the pieces of the world’s economy stand so close that if any one of them topples, it sets off a tumbling-dominoes effect that reaches into all kinds of areas. Since the attacks we’ve seen sweeping changes in consumer attitudes, world economic health, fiscal policy, diplomacy, surrender of privacy, and war-making. Any one of these could turn the most stable company on its head. And terrorism isn’t the only trigger. Political instability, natural disaster, local economic failure, and, of course, war put everything at risk too. What’s more, the smart money says that companies may be facing additional risk because interest rates, currency rates, and other economic factors affecting profits will shift far more dramatically in the future than they have since the 1970s. Risks that used to be dismissed will be taken seriously, and losses resulting from faulty risk management will be magnified.
What’s the role of a board of directors in managing risk? In January 1996 a review board composed of U.S. regulators, British regulators, and investment banks codified “generally accepted risk principles” (GARP) as a guide for the capital-markets industry. Although these principles aren’t mandates, the fundamental themes underlying GARP reflect pieces of wisdom accumulated by regulators. They’re also infused with common sense. In the world according to GARP, the board has the ultimate responsibility for risk management. Along with top executives, directors must evaluate all the risks to which a company is exposed and the systems that are in place to cover them. And risk-management objectives and policies must be a key factor in the company’s overall business strategy.
The board’s first step is to identify and evaluate all the perils the company faces. This sounds simpler than it is, particularly if you’re a director of a small to midsize company, which is unlikely to have its own risk managers who can brief the board on insurance and hedging instruments. A smaller company may also lack relationships with erudite bankers and the financial-services subsidiaries of insurance companies that can package customized financial instruments to mitigate abstruse risks.
If your company doesn’t have such inside experts or outside contacts, don’t let top management try to handle risk by itself. Instead, bring in experts for brainstorming sessions with the board. Talk to the directors of other companies in your industry to see how they’re governing and managing risk in GARP’s world. Insurance brokers, internal risk managers, and risk-management organizations can advise you on which of your risks are insurable and what the cost will be.
The hunt for such expertise has already picked up, according to Douglas Oliver and Allan Roopan, vice presidents at the New York City office of Chubb Financial Solutions, a subsidiary of the big insurer Chubb Corp. “The September 11 attack precipitated a huge macroeconomic shock,” says Roopan. “More companies are aware of risk.”
The foremost question a board needs to ask is whether its company is covered against acts of terrorism, from bombs to biochemicals. The core insurance covering terrorism is for property damage, commercial general liability, and workers’ compensation. Such policies are written on, or patterned after, standard forms drafted by insurance-rating organizations like the Insurance Services Office (ISO) and the National Council on Compensation Insurance (NCCI). The ISO’s property-damage and commercial-general-liability policies don’t specifically exclude acts of terrorism, nor does the NCCI exclude the workers’-compensation claims that may follow a terrorist strike. Indeed, the International Risk Management Institute recently offered the opinion that most existing insurance policies present no basis for a denial of claims arising out of the recent terrorist attacks. But obviously, you have to have insurance before you can make a claim. Check that you do.
There may be a time limit on such claims, however. Dean R. O’Hare, Chubb’s chairman and CEO, has told Congress that the industry will be able to pay all claims from the terrorist attacks of September 11. But he went on to say that reinsurers will probably exclude terrorism at the first opportunity, and called on Congress to form an insurance pool that can offer coverage. Since reinsurance agreements are typically renewed at year’s end, companies facing the threat of terrorism—a growing group, and certainly not limited to airlines—could lose their coverage by early 2002. The Bush administration has proposed a government subsidy for the settlement of terrorism claims, and also wants to cap the insurance industry’s liability. Legislators have until the end of the year to decide whether they’ll go along with this idea.
Another important issue for boards is insuring key executives. Some companies are already buying “key person” insurance and, to reduce the risk of losing more than one top manager at a time, are setting limits on how many can fly on the same airplane. Boards should also consider kidnap, ransom, and extortion insurance, whose use has grown along with globalization and the proliferation of multinational companies. Kidnap and ransom coverage applies to actual abductions and any instance in which a ransom is paid in the reasonable belief that an abduction has occurred. Extortion coverage protects against threats to damage the insured party’s premises, use or divulge its proprietary information, contaminate its raw materials or products, or infect its computer system with a virus.
Threats to cybersecurity, including computer hacking, are risks your company should manage with special care. AIG, Chubb, Lloyd’s of London, Marsh and McLennan, SafetyOnline, JS Wurzler, and Zurich Financial Services Group provide hacker insurance. But underwriters can be very particular, so be prepared to demonstrate that your security meets their requirements. (For more, see “How to Tighten Computer Security,” page 15.)
In addition to buying traditional insurance, most companies manage their financial risks by hedging interest rates and currency exchange rates. Technology companies frequently acquire equity in concerns with complementary products and services to strengthen their industry position. Because the stock prices of technology outfits can be volatile, many of them also buy options on their investments in one another as a way to limit potential losses. Some companies that didn’t adequately manage risk have lost billions of dollars on their investments. Despite its hedge on at least one equity security, for example, Cisco Systems recently reported a loss of $5.8 billion on its investments in other technology companies.
Hedging investments usually means reducing losses, not eliminating them. Even so, the stock markets’ hair-trigger sensitivity to surprises and other factors means that a forward-looking board should be pushing the company to hedge all its investments as well as it can. Changing interest rates will affect its debt payments, its investments in debt instruments, and the prices of any contracts (such as office leases) that are indexed to interest rates. There are currency risks in any contract a company is party to in which payments are denominated in non-U.S. currency, and in assets held in another country that aren’t offset by liabilities denominated in that country’s currency.
Both interest-rate and currency risks can be hedged with financial instruments known as forwards, options, or swaps. Any of these plain-vanilla derivatives is available from a major commercial bank, an investment bank, or the financial-services subsidiary of an insurance company. At Chubb Financial Solutions, clients are asking for credit default swaps, a form of insurance against defaulting customers.
Some top managers believe that shareholders pay them to manage risk by making decisions, and consider hedging and the like equivalent to delegating or outsourcing decision-making. Others believe that the judicious employment of insurance and hedges is part of management’s job. Obviously, a wise board makes sure that its management strikes the right balance. But it won’t be long before security analysts, fund managers, and investors recognize the added value in companies that can discern risks and find efficient, creative ways to avoid or mitigate them. Those are the companies that will survive these tumultuous times.
